Apache HTTP Server logs

First and foremost, the Apache HTTP Server error log should be analysed as this provides detailed information about any errors that have occurred on your web server. By default errors are logged in the error_log file located in the logs directory inside the Apache root installation. Logging levels can also be adjusted from the Apache httpd.conf configuration file in order to specify which type of errors are recorded. Information on the eight different log levels can be found here. Adjusting the log level to a higher one may present you with more information on the issue, but will also make it more difficult to find what you are after. Apart from error logs, Apache also provides access logs, which record all requests processed by the server. These logs may also give additional explanations of what could have caused the issue and can also complement information found in the error logs.

Use the mod_log_forensic module

The mod_log_forensic module is used to provide forensic logging of client requests. This includes logging requests before and after they have been processed, where the same requests are referenced with the same ID. Therefore, any issues caused by specific requests can be easily identified. This can help analyse which requests may be causing your web server to stall or crash. To enable this module, you need to setup the following lines in your Apache httpd.conf configuration file:

LoadModule log_forensic_module modules/mod_log_forensic.so

LoadModule unique_id_module modules/mod_unique_id.so

ForensicLog logs/forensic_log

Also, the check_forensic Bash script can be used in combination with the mod_log_forensic module to list any incomplete requests found in the forensic log. An example of how the check_forensic tool can be used is included below: